in client-library/src/Attestation/LinuxTpm/testclient/main.cpp [318:397]
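namespace
{
// Prints `bytes` as a contiguous hex string, two digits per byte so a leading
// zero nibble is never dropped, then restores cout's format state and ends the line.
void unseal_print_hex(const std::vector<unsigned char>& bytes)
{
    std::ios savedState(nullptr);
    savedState.copyfmt(std::cout);
    std::cout << std::hex;
    for (unsigned char byte : bytes)
    {
        // setw is consumed by each insertion, so it is re-applied per byte
        std::cout << std::setfill('0') << std::setw(2) << static_cast<int>(byte);
    }
    std::cout.copyfmt(savedState);
    std::cout << std::endl;
}

// Prints the expected seed, the unsealed result and an explicit match/mismatch
// verdict, so the test outcome does not rely on eyeballing the two hex strings.
void unseal_report(const std::vector<unsigned char>& expected,
                   const std::vector<unsigned char>& actual)
{
    std::cout << "Expected Seed: 0x";
    unseal_print_hex(expected);
    std::cout << "Actual decrypted seed: 0x";
    unseal_print_hex(actual);
    std::cout << (actual == expected ? "Unseal result matches expected seed"
                                     : "MISMATCH: unseal result differs from expected seed")
              << std::endl;
}
} // namespace

// Seals a fake seed to the EK under the current PCR state and unseals it back
// through the TPM twice: once with the stored EK and once with the EK generated
// from the spec template. Each path prints expected vs. actual bytes plus a verdict.
void process_unseal()
{
    Tss2Ctx tmpCtx;
    std::vector<unsigned char> inPub;
    std::vector<unsigned char> inPriv;
    std::vector<unsigned char> encryptedSeed;
    const attest::HashAlg hashAlg = attest::HashAlg::Sha256;

    // Seal/unseal data to the first kSealedPcrCount PCRs
    constexpr int kSealedPcrCount = 14;
    attest::PcrSet pcrSet;
    pcrSet.hashAlg = hashAlg;
    for (int i = 0; i < kSealedPcrCount; i++)
    {
        pcrSet.pcrs.push_back(attest::PcrValue());
        pcrSet.pcrs[i].index = i;
    }
    TestUtil::PopulateCurrentPcrs(tmpCtx, pcrSet);

    // Fake seal data; the same seed is used for both unseal paths
    const std::vector<unsigned char> clearKey{'A', 'B', 'C'};

    std::cout << "Unealing from stored Ek" << std::endl;
    TestUtil::SealSeedToEk(tmpCtx, pcrSet, hashAlg, clearKey, inPub, inPriv, encryptedSeed, true);
    auto data = g_tpm.Unseal(inPub, inPriv, encryptedSeed, pcrSet, hashAlg, false);
    // Unseal's return type is not visible here; iterating it as a byte range is
    // what the original printing loop already assumed — TODO confirm against the TPM API
    const std::vector<unsigned char> storedEkResult(data.begin(), data.end());
    unseal_report(clearKey, storedEkResult);

    std::cout << "Unealing from generated Ek" << std::endl;
    TestUtil::SealSeedToEk(tmpCtx, pcrSet, hashAlg, clearKey, inPub, inPriv, encryptedSeed, false);
    auto data2 = g_tpm.UnsealWithEkFromSpec(inPub, inPriv, encryptedSeed, pcrSet, hashAlg, false);
    // The second report must use data2, not the first unseal's output,
    // otherwise a failure of the generated-EK path is masked
    const std::vector<unsigned char> generatedEkResult(data2.begin(), data2.end());
    unseal_report(clearKey, generatedEkResult);
}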